Ransomware Readiness Checklist

Interactive assessment based on the CISA Stop Ransomware Guide. All client-side, no data leaves your browser.

Overall Readiness0% Critical

0 of 26 controls implemented

💾

Backups & Recovery

Offline backups

Maintain offline (air-gapped) backups of critical data that cannot be reached by ransomware on the network.

High

Backup testing

Regularly test backup restoration procedures to verify data integrity and recovery time.

3-2-1 backup rule

Follow the 3-2-1 rule: 3 copies, 2 different media types, 1 offsite/offline copy.

Backup encryption

Encrypt backup data at rest and in transit to prevent exfiltration of backup contents.

Backup isolation

Ensure backup systems are isolated from the production network with separate credentials.

High

🔒

Access Control

Multi-factor authentication (MFA)

Enforce MFA on all remote access, email, VPN, and privileged accounts.

High

Least privilege access

Apply least privilege principle: users and service accounts only have permissions they need.

High

Admin account audit

Regularly audit administrative accounts, disable unused accounts, and review privilege levels.

RDP restrictions

Disable or restrict RDP. If required, use VPN with MFA and network-level authentication.

High

Privileged Access Management (PAM)

Implement PAM solutions with session recording, just-in-time access, and credential vaulting.

🛡

Patch Management

OS patching

Apply operating system security patches within 14 days of release, critical patches within 48 hours.

High

Application patching

Keep all applications updated, especially internet-facing ones (Exchange, VPN appliances, web servers).

High

Firmware updates

Maintain firmware updates on network devices, firewalls, and IoT/OT devices.

Vulnerability scanning

Run regular vulnerability scans and prioritize remediation by CVSS score and exploitability (EPSS).

📧

Email & Phishing Defense

Email filtering

Deploy email security gateway with URL rewriting, attachment analysis, and impersonation protection.

High

DMARC enforcement

Implement SPF, DKIM, and DMARC (policy=reject) to prevent email spoofing of your domain.

Attachment sandboxing

Detonate suspicious attachments (Office macros, executables, archives) in a sandbox before delivery.

Security awareness training

Conduct regular phishing simulations and security awareness training for all employees.

High

🌐

Network Security

Network segmentation

Segment the network to limit lateral movement. Isolate critical assets, OT, and backup systems.

High

EDR/XDR deployment

Deploy endpoint detection and response (EDR/XDR) on all endpoints with behavioral analysis enabled.

High

Network monitoring

Monitor network traffic for anomalies, C2 beaconing patterns, and unauthorized data transfers.

Firewall rules review

Review and harden firewall rules quarterly. Block unnecessary outbound traffic and known malicious IPs.

🚨

Incident Response

IR plan documented

Maintain a written incident response plan with specific ransomware scenarios and decision trees.

High

IR team identified

Designate an incident response team with clear roles, contact info, and escalation procedures.

High

IR plan tested (tabletop)

Conduct tabletop exercises or simulations at least annually to validate the IR plan.

Communication plan

Prepare communication templates for stakeholders, legal, law enforcement, and media in case of ransomware.

Assessment Summary

Backups & Recovery

Critical

Access Control

Critical

Patch Management

Critical

Email & Phishing Defense

Critical

Network Security

Critical

Incident Response

Critical

Priority Recommendations:

P1Offline backups(Backups & Recovery)

P1Backup isolation(Backups & Recovery)

P1Multi-factor authentication (MFA)(Access Control)

P1Least privilege access(Access Control)

P1RDP restrictions(Access Control)

P1OS patching(Patch Management)

P1Application patching(Patch Management)

P1Email filtering(Email & Phishing Defense)

+ 18 more items to address

Get Detailed Report

Receive a comprehensive PDF report with remediation guidance tailored to your gaps.

Related Resources

Ransomware Intelligence Detection Engineering DFIR & Forensics Compliance & Regulations CISA Stop Ransomware All Security Tools

Based on CISA Stop Ransomware Guide and NIST Cybersecurity Framework recommendations. This tool is for informational purposes only and does not constitute professional security advice. All data stays in your browser.